2494 matches found

Vulnrichment
added 2024/08/27 11:0 p.m. | 14 views

CVE-2024-8224 Tenda G3 setDebugCfg formSetDebugCfg stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotel...

CVSS: 9 | AI score: 7.2 | EPSS: 0.01213
Exploits: 1 | References: 5
Cvelist
added 2024/08/27 10:31 p.m. | 20 views

CVE-2024-8222 SourceCodester Music Gallery Site sql injection

A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file /admin/?page=musics/managemusic. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...

CVSS: 6.5 | EPSS: 0.0059
Exploits: 1 | References: 5
CVE
added 2024/08/26 2:31 p.m. | 48 views

CVE-2024-8166

CVE-2024-8166 concerns Ruijie EG2000K 11.1(6)B2. The vulnerability is in an unknown code path in the file /tool/index.php?c=download&a=save, where manipulation of the parameter content leads to unrestricted file uploads. The issue is exploitable remotely and has been publicly disclosed. Connecte...

CVSS: 5.8 | AI score: 4.9 | EPSS: 0.00677
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2024/08/26 1:0 p.m. | 18 views

CVE-2024-8163 Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/filemanager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The...

CVSS: 5.5 | EPSS: 0.00836
Exploits: 1 | References: 4
Vulnrichment
added 2024/08/26 1:0 p.m. | 9 views

CVE-2024-8163 Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/filemanager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00836
Exploits: 1 | References: 4
CVE
added 2024/08/25 10:31 p.m. | 51 views

CVE-2024-8153

CVE-2024-8153 affects SourceCodester QR Code Bookmark System 1.0. The vulnerability is a cross-site scripting flaw in the bookmark parameter of /endpoint/delete-bookmark.php, exploitable remotely and reported publicly. Multiple sources confirm the issue, with remediation guidance recommending upg...

CVSS: 5.4 | AI score: 3.8 | EPSS: 0.00386
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2024/08/25 6:15 a.m. | 8 views

CVE-2024-8145

A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by this issue is some unknown functionality of the file /index.php/admin of the component Article Handler. The manipulation of the argument Title leads to basic cross site scripting. The attack may be...

CVSS: 4.8 | AI score: 6.1
Exploits: 0 | References: 4
OSV
added 2024/08/23 3:15 p.m. | 7 views

CVE-2024-8112

A vulnerability was found in thinkgem JeeSite 5.3. It has been rated as problematic. This issue affects some unknown processing of the file /js/a/login of the component Cookie Handler. The manipulation of the argument skinName leads to cross site scripting. The attack may be initiated remotely. T...

CVSS: 6.1 | AI score: 6.2
Exploits: 0 | References: 3
Vulnrichment
added 2024/08/20 12:31 a.m. | 11 views

CVE-2024-7943 itsourcecode Laravel Property Management System PropertiesController.php upload unrestricted upload

A vulnerability was found in itsourcecode Laravel Property Management System 1.0 and classified as critical. This issue affects the function upload of the file PropertiesController.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.00697
Exploits: 1 | References: 4
Cvelist
added 2024/08/19 8:0 p.m. | 30 views

CVE-2024-7927 ZZCMS class.php path traversal

A vulnerability classified as critical was found in ZZCMS 2023. Affected by this vulnerability is an unknown functionality of the file /admin/class.php?dowhat=modifyclass. The manipulation of the argument skin leads to path traversal. The attack can be launched remotely. The exploit has been...

CVSS: 7.5 | EPSS: 0.00932
Exploits: 1 | References: 4
OSV
added 2024/08/19 6:15 p.m. | 2 views

CVE-2024-43248

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Bit Apps Bit Form Pro allows File Manipulation. This issue affects Bit Form Pro: from n/a through 2.6.4...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.0059
Exploits: 0 | References: 1
NVD
added 2024/08/19 6:15 p.m. | 15 views

CVE-2024-43248

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Bit Apps Bit Form Pro allows File Manipulation. This issue affects Bit Form Pro: from n/a through 2.6.4...

CVSS: 9.1 | EPSS: 0.0059
Exploits: 0 | References: 1
ATTACKERKB
added 2024/08/19 6:15 p.m. | 5 views

CVE-2024-43248

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Bit Apps Bit Form Pro allows File Manipulation. This issue affects Bit Form Pro: from n/a through 2.6.4...

CVSS: 9.1 | AI score: 5.2 | EPSS: 0.0059
Exploits: 0 | References: 2
CVE
added 2024/08/19 5:17 p.m. | 47 views

CVE-2024-43248

CVE-2024-43248 affects Bit Form Pro (WordPress) up to version 2.6.4, enabling unauthenticated arbitrary file deletion via an unauthenticated path traversal vulnerability. The vulnerability is currently listed as Unpatched; no official fix/version is provided in the connected documents. Monitor fo...

CVSS: 9.1 | AI score: 8.6 | EPSS: 0.0059
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/08/19 12:0 a.m. | 11 views

CVE-2024-7919 Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control

A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. This issue affects some unknown processing of the file /report/ParkChargeRecord/GetDataList. The manipulation leads to improper access controls. The...

CVSS: 6.9 | AI score: 7 | EPSS: 0.0113
Exploits: 1 | References: 4
CVE
added 2024/08/18 7:31 p.m. | 42 views

CVE-2024-7911

CVE-2024-7911 concerns SourceCodester Simple Online Bidding System 1.0. The vulnerability resides in an unknown part of the file /simple-online-bidding-system/bidding/index.php, where manipulating the parameter page leads to file inclusion. It is exploitable remotely and the exploit has been disc...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.00749
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2024/08/18 7:15 p.m. | 16 views

CVE-2024-7910

A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The...

CVSS: 7.2 | EPSS: 0.00638
Exploits: 1 | References: 4
Vulnrichment
added 2024/08/18 4:0 p.m. | 16 views

CVE-2024-7907 TOTOLINK X6000R cstecgi.cgi setSyslogCfg command injection

A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.85220230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. T...

CVSS: 6.5 | AI score: 7.6 | EPSS: 0.06239
Exploits: 1 | References: 4
NVD
added 2024/08/17 9:15 p.m. | 14 views

CVE-2024-7901

A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack can be launched...

CVSS: 5.4 | EPSS: 0.00338
Exploits: 0 | References: 3
Cvelist
added 2024/08/17 1:31 p.m. | 18 views

CVE-2024-7896 Tosei Online Store Management System ネット店舗管理システム p1_ftpserver.php command injection

A vulnerability was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cgi-bin/p1ftpserver.php. The manipulation of the argument adrtxt leads to command injection. The attack ma...

CVSS: 6.5 | EPSS: 0.0225
Exploits: 0 | References: 4